SHELLCODE – EXPLOITING SOFTWARE 04/11

Exploitation and GOTs with Python
By Craig Wright

If we can write into the GOT, we can effectively redirect the execution flow of a program and allowing ourselves to gain a root shell. This article is a follow-up and second part of a look at format strings in the C and C++ programming languages; in particular, how these may be abused. The article goes on to discuss crafting attacks using Python in order to attack through DPA (Direct Parameter Access) such that you can enact a 4-byte overwrite in the DTORS and GOT . This time author endeavoured to make the process of exploiting format string vulnerabilities as simple as possible for the inexperienced exploit developer. A basic knowledge of Python has been assumed as well as an understanding of the Linux operating system and how to use gdb. This starts off with detailing the use of Direct Parameter access and how this process works and then describes the Global Offset Tables in detail. You will see that using the exploitation of Direct Parameter Access (DPA) will allow us to write into the address of our choosing.

Shellcode: From a Simple Bug to OS Control
By Amr Thabet

The secret behind any good exploit is a reliable shellcode. The shellcode is the most important element in your exploit. Generating shellcode with automated tools only helps so much in formulating your exploit. Knowing how to create your own shellcode will help you overcome barriers that lie ahead, and that’s what this article will demonstrate.
You will learn how to write a reliable shellcode on the Win32 plaform, how to bypass the obstacles that you will face in writing a win32 shellcode, and how to implement your shellcode into Metasploit.

Detecting Ipv6: Rouge Router Incidents Using Bro NSM
By Matti Mantere

Internet Protocol version 6 (IPv6) has been a long time coming. As the protocol is making its entrance several security risks of varying criticality are known to exist. However, the amount of skilled personnel needed to assure the security of IPv6 network deployment as well as awareness of the said risks remains woefully low. As IPv6 migration slowly gains momentum, situations where administrators responsible for deployment of network equipment have very poor knowledge and non-existent operational experience of the new protocol are unavoidable. Matti depicts one method for detecting them using open source Bro NSM. Bro Network Security Monitor (Bro NSM) is a flexible open source network analysis framework that is freely distributed under BSD license.

Application Security 101: Our Dynamic Threat Landscape
By Anthony Czarnik

Over the last couple of years, industry statistics clearly indicate two major changing trends regarding the information technology threat landscape. First, applications are now targeted as the primary attack vector, to the extent that 75% of current, reported attacks target the application layer. Although we have interest in threats, as security professionals with a responsibility to the owners of our assets, our security decisions should ultimately be based on risk. You will see how vulnerabilities in applications that access sensitive data can lead to significant loss.

Interview with Aldo Ceccarelli

Two simple ingredients: when choosing follow your real passion in order to be able to deliver your best talents and at full capacity; be curious when learning and generous when teaching. Bonus track: patient when teamworking! – says Aldo Ceccarelli, Chief Information Officer and Business Process Expert at SEDAMYL SPA, joint-venture partner of Syral. You will see why managers love Python and what are the top emerging threats.